eDreams: mayor supervisión de la seguridad con Elastic Stack

•

0 likes•1,463 views

Descubre cómo eDreams utiliza Elastic Stack para obtener información sobre los usuarios, y cómo está implementando Elastic SIEM y el aprendizaje automático para agilizar la supervisión de la seguridad.

Technology

1
Josep Mangas
Head of IT & Security, eDreams
Feb 18, 2020
eDreams - Powering
Security Monitoring with the
Elastic Stack

If you know the enemy and know
yourself you need not fear the
results of a hundred battles
Sun Tzu - The Art of War

4
Early lessons learned
• Security trends to focus on knowing the “enemy”, but you need to know
yourself first.
• In an e-commerce, the most important thing is trust and ease of use while
buying.
• The biggest threat is that something could affect the customer experience
and he/she doesn’t buy

5
Have we done our homework?
• In the case of eDreams:
• How are customers interacting with our e-commerce platform?
• How do they buy?
• What is a “normal” customer behaviour?
• Which are the main endpoints?
• Where are the critical APIs?
• How are the different flows?
• In order to protect our site, we need to know what to protect.
• And it is not about TECHNOLOGY! It is about covering the BASICS!

6
Looking for the right tripmate
• What tool do we use that help us to “discover” our site and could be flexible
enough for short-term needs and long-term needs?
• Elastic was already used by the DevOps team, so it was an easy choice
• Open and flexible
• Unify logging environments
• Rapid deployment and ROI
• Can add value in other fields (compliance, fraud)
• Widespread knowledge
• Interesting roadmap
• Fits into the Agile mindset

7
Elastic as a solution that fits well,
• Log integration in three different environments.
• E-commerce Site on Prem
• E-commerce Site cloud base (GCP)
• Corporate IT (the usual suspects)
• Log identification (user behaviour, payment flow, ids, vpn, saml, SaaS, AD …)
• Wazuh - Compliance (PCI-DSS)
• MISP integration
• Dashboards ready to use within minutes
• Hep to better know ourselves
• Hypothesis checker
• Self made index and pre-processing
1st Phase, Gathering

8
• Active monitoring of
relevant assets.
• TimeLion, Alert, SIEM,
Geolocation, ASN
• Dashboards everywhere
business, technical and
non-technical
• Support processes
with other areas
• Discover correlations
• Free the information
• SIEM… maturing
• Alarm
• Slack
• Testing ML
• Integration with rest of
the teams
• Moving to Cloud
• Cross nodes queries
• More and more alerts
• More and more business
cases
• Adding new Elastic Stack
functionalities
Maturing & Improving
Visibility
Automating & Integrating Centralizing and new
functionalities
Elastic as a solution that fits well,

9
Some Figures
• 3 Clusters (15 nodes)
• 2 x 6 nodes ( 3 Master + Data , 3 Data)
• 3 nodes ( 3 Master + Data)
• ~250 GB x day and 25 M Documents
• V 7.4. And Wazuh 3.10
• ~ 60 Dashboards
• 3 ML jobs
• Cross-Clusters Query
• Integration with MISP and GeoIP
Looking forward … to a unique bigger cluster (GCP)

10
Automation, the next frontier
• Identify business case / need
• Do we have the source?
• How is it shown at Elastic level?
• What are the normal / abnormal thresholds?
• Set up Alert, Integrate with Slack, Define Playbook, Escalate to team owner

11
Machine Learning, discovering the unknown
• Identify business case / need
• When need to find the hidden (WIP)
• Again, you know yourself and your customers.
• You expecting things go one known way.
• ML can help you to detect things that divert from the Happy Path.

12
Late Lessons Learnt
• Identify business case / need
• Use ECS from the beginning.
• Minimize pre-parsing
• Invest in others people’s time.
• It will speed up your deployment
• Have in mind what you’re looking for
• That helps to identify relevant sources of information.
• Check Hypothesis.
• Share the insights you create
• The info can be helpful for other teams.
• Test new capabilities of the Elastic stack.
• And challenge the old ones.

1) The document introduces ElasticON Solution Series, which provides out-of-the-box personalized, centralized, and secure organizational search across internal and external sources. 2) It discusses how Elastic Enterprise Search can improve productivity, satisfaction, collaboration, and decision making by connecting all applications and content with a single scalable search platform. 3) The solution achieves this through intuitive search features, powerful analytics and visualization tools, simplified administration, and security certifications to ensure data protection.

Migrating a legacy logging system: Etsy’s journey to Elastic Cloud

Elasticsearch

Automatiza las detecciones de amenazas y evita falsos positivos

Imma Valls Bernaus

Eliminar los puntos ciegos significa que tienes suficiente contexto. ¿Pero, puedes obtener información importante de ese contexto cuándo lo necesitas? Aprende a detectar amenazas mientras evitas el ruido de falsos positivos, con el motor de detección de Elastic Security. Verás cómo automatizar la detección de amenazas mediante correlaciones y Machine Learning, con ejemplos reales de cada uno.

Madrid Elastic Meetup February 11 2019 - Release 6.x features

Imma Valls Bernaus

Real-time Big Data at FPT (for TechCamp University)

Trieu Nguyen

RFX - Full-Stack Technology for Real-time Big Data

Trieu Nguyen

RFX is a full-stack technology framework for real-time big data processing that was created in 2013 and is used by FPT for analytics tasks on websites like Vnexpress.net and eclick.vn. It is built from open source projects like Akka, Netty, Kafka, Spark, Redis and uses a reactive programming approach to optimize user experience through real-time data processing and business logic. RFX aims to provide a fast data intelligence platform for solving problems like analytics, user segmentation, and automatic optimization of user experiences.

Elastic community Abidjan #225 meetup 08 May 2021

Yassine, LASRI

Yassine LASRI is a product manager who has worked with Elastic since 2017. He organized Elastic user groups and is a certified Elastic engineer. Synapticiel provides analytics solutions for telcos using tools like Elasticsearch. It offers consulting and training on the Elastic stack. Modern applications are more complex to monitor as resources are distributed across orchestration systems and jobs are ephemeral. Traditionally, monitoring tools are siloed but Elastic provides an integrated approach to observability through logs, metrics, and application performance monitoring demonstrated in a demo.

1. The document discusses using the RFX (Reactive Function X) framework to solve problems with fast data processing. 2. RFX is a design pattern and collection of open source tools that can be used to quickly build data products and implement an agile data pipeline. 3. Examples of how RFX could be used for web analytics are presented, including counting pageviews and unique users in near real-time and detecting DDOS attacks.

Reactive Reatime Big Data with Open Source Lambda Architecture - TechCampVN 2014

Trieu Nguyen

This document discusses using a reactive lambda architecture with open source tools to solve real-time big data problems. It begins by defining big data and explaining that simply having data is not enough - you need to solve the right problems with the right team and tools. It then presents three example problems that could benefit from real-time big data solutions: disaster prediction and response, understanding customers through social media data, and optimizing marketing campaigns in real-time. The document proposes using a reactive lambda architecture along with open source frameworks like Hadoop, Spark, Storm and databases like Redis, HDFS and HBase to build streaming data pipelines and query data in real-time. It demonstrates this through a social media user tracking and personalized recommendations use

Hunting for Evil with the Elastic Stack

Elasticsearch

Stream Analytics

Software Infrastructure

Between 2017 and 2022, the market for event stream processing platforms is estimated to grow 15% annually. Streaming analytics software can filter, aggregate, enrich, and analyze high throughput data from multiple sources to identify patterns and provide context to automate actions and dynamically adapt. Popular open source platforms include Apache Storm, Apache Flink, and Spark Streaming which provide real-time, parallel, and fault-tolerant processing of streaming data.

University of Oxford: building a next generation SIEM

Elasticsearch

New York Elastic{ON} Tour Opening Keynote

Elasticsearch

Data Structure and Types

Anjani Phuyal

This document provides an overview of key concepts for AWS Certified Data Analytics, including data structures, types, preparation, sources, formats (structured, unstructured, semi-structured), the data lifecycle, AWS services for data storage and analytics, and visualization. It emphasizes that data is a valuable commodity and discusses challenges of analyzing growing unstructured data from various sources using traditional tools.

Quick Intro to Google Cloud Technologies

Chris Schalk

This document provides an introduction to Google's cloud technologies including Google App Engine, Google Storage, the Prediction API, and BigQuery. It describes each technology's capabilities and how developers can use them. Google App Engine is an application development platform, Storage provides cloud data storage, Prediction API enables machine learning predictions, and BigQuery allows fast, SQL-based analysis of large datasets. Examples and demos of each technology are also presented.

Real-Time Analytics with MemSQL and Spark

SingleStore

DataStax: Steps to successfully implementing NoSQL in the enterprise

DataStax Academy

Tech essentials for Product managers

Nitin T Bhat

This presentation provides an overview of key cloud computing concepts including major cloud components, cloud fundamentals, and cloud service models. It discusses compute, network, storage, power/data centers and security as major cloud components. It defines cloud fundamentals such as elasticity, security, availability, API model, and multi-tenancy. It also describes software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS) models and discusses virtualization, cloud storage, utility computing, and challenges of cloud computing.

Building a Data Driven Company

Maciej Mróz

How would AI shape Future Integrations?

Srinath Perera

This document discusses how AI could shape future integrations. It begins by explaining different types of tasks that AI can perform, such as those that can be precisely explained versus those requiring examples and feedback to learn. The document then covers benefits of AI like speed, lower costs, and ability to learn and extrapolate. It discusses using AI for cost savings, competitive advantages, and new revenue streams through insights. Challenges of AI like lack of data and skilled professionals are presented along with risks such as bias, privacy issues, and how mistakes can be more harmful than for humans. Various use cases of AI in integration are explored such as enhancing inputs, security, and automatic integration. The document concludes that AI will create many new integration opportunities

Big Data at a Gaming Company: Spil Games

Rob Winters

cloud session uklug

dominion

This document provides an overview and guidance for organizations planning a move to cloud collaboration. It discusses why organizations are moving to the cloud, important factors to consider when planning a cloud implementation such as choosing a vendor, conducting a pilot project, reviewing security, migration, and administration. The document emphasizes preparing by evaluating an organization's current environment and processes, as well as planning for user training and help desk support once the cloud is implemented. Key considerations include data security, compliance with regulations, disaster recovery, and service level agreements.

[DSC Europe 22] On the Aspects of Artificial Intelligence and Robotic Autonom...

DataScienceConferenc1

Autonomy in targeting is a function that could be applied to any intelligent system, in particular the rapidly expanding array of robotic systems, in the air, on land and at sea – including swarms of small robots. This is an area of significant investment and emphasis for many armed forces, and the question is not so much whether we will see more intelligent robots, but whether and by what means they will remain under human control. Today’s remote-controlled weapons could become tomorrow’s autonomous weapons with just a software upgrade. The central element of any future autonomous weapon system will be the software. Military powers are investing in AI for a wide range of applications10 and significant efforts are already underway to harness developments in image, facial and behavior recognition using AI and machine learning techniques for intelligence gathering and “automatic target recognition” to identify people, objects or patterns. Although not all autonomous weapon systems incorporate AI and machine learning, this software could form the basis of future autonomous weapon systems.

DataStax | Adversarial Modeling: Graph, ML, and Analytics for Identity Fraud ...

DataStax

This document provides an overview of adversarial modeling techniques for fraud detection. It discusses using machine learning, graph theory, and text analytics together in an agile process. Unsupervised learning and graph networks are important for discovering fraud patterns. Text analysis can link similar documents and be incorporated into models. The problem requires cross-functional teams and deploying solutions iteratively to rapidly respond to adversaries' changing behaviors. Rather than a single approach, an ensemble of data models, tools and techniques works best.

Blockchain CIO City 2017 update - Sander van Loosbroek | Cegeka

Cegeka

Top Business Intelligence Trends for 2016 by Panorama Software

Panorama Software

CTO Summit 2016: Navigating Build vs. Buy at CleverTap

CleverTap

8 Pitfalls of Next Generation IAM Programs

Dave Shields

What's hot

From Data Analytics to Fast Data Intelligence

Trieu Nguyen

Slide 3 Fast Data processing with kafka, rfx and redis

Trieu Nguyen

Reactive Reatime Big Data with Open Source Lambda Architecture - TechCampVN 2014

Trieu Nguyen

Hunting for Evil with the Elastic Stack

Elasticsearch

Stream Analytics

Software Infrastructure

University of Oxford: building a next generation SIEM

Elasticsearch

New York Elastic{ON} Tour Opening Keynote

Elasticsearch

Data Structure and Types

Anjani Phuyal

Quick Intro to Google Cloud Technologies

Chris Schalk

Real-Time Analytics with MemSQL and Spark

SingleStore

DataStax: Steps to successfully implementing NoSQL in the enterprise

DataStax Academy

What's hot (11)

From Data Analytics to Fast Data Intelligence

Slide 3 Fast Data processing with kafka, rfx and redis

Reactive Reatime Big Data with Open Source Lambda Architecture - TechCampVN 2014

Hunting for Evil with the Elastic Stack

Stream Analytics

University of Oxford: building a next generation SIEM

New York Elastic{ON} Tour Opening Keynote

Data Structure and Types

Quick Intro to Google Cloud Technologies

Real-Time Analytics with MemSQL and Spark

DataStax: Steps to successfully implementing NoSQL in the enterprise

Similar to eDreams: mayor supervisión de la seguridad con Elastic Stack

Tech essentials for Product managers

Nitin T Bhat

Building a Data Driven Company

Maciej Mróz

How would AI shape Future Integrations?

Srinath Perera

Big Data at a Gaming Company: Spil Games

Rob Winters

cloud session uklug

dominion

[DSC Europe 22] On the Aspects of Artificial Intelligence and Robotic Autonom...

DataScienceConferenc1

DataStax | Adversarial Modeling: Graph, ML, and Analytics for Identity Fraud ...

DataStax

Blockchain CIO City 2017 update - Sander van Loosbroek | Cegeka

Cegeka

Top Business Intelligence Trends for 2016 by Panorama Software

Panorama Software

CTO Summit 2016: Navigating Build vs. Buy at CleverTap

CleverTap

8 Pitfalls of Next Generation IAM Programs

Dave Shields

IT security for all. Bootcamp slides

Wallarm

This document discusses security considerations for startups. It notes that while startups often don't prioritize security due to budget constraints, security breaches can impact revenue and data. The document outlines best practices at different layers including external network, application, internal network, and staff awareness. It also provides examples of typical security issues that startups encounter like platform dependencies and vulnerabilities, and recommends basic security scans and education resources to help improve practices.

Top BI trends and predictions for 2017

Panorama Software

How an Attacker "Audits" Your Software Systems

Security Innovation

Software runs today’s business; however, security implications are often misunderstood, creating significant organizational risk. Poorly configured servers, 3rd-party software, and continuous release cycles put additional pressure on already stressed teams. Hackers no longer just exploit vulnerabilities in code -- faulty cloud deployments, weak database structures, and business logic problems are also easy targets for attackers. To reduce risk, you’ve got to audit your system in the same way an attacker would. This presentation demonstrates how attackers compromise the modern enterprise. For each attack demonstrated, mitigation practices will be discussed. WARNING: software will be harmed during this presentation. Viewer discretion advised.

The Lost Tales of Platform Design (February 2017)

Julien SIMON

EVAIN Artificial intelligence and semantic annotation: are you serious about it?

FIAT/IFTA

Neotys PAC - Todd De Capua

Neotys_Partner

Neotys organized its first Performance Advisory Council in Scotland, the 14th & 15th of November. With 15 Load Testing experts from several countries (UK, France, New-Zeland, Germany, USA, Australia, India…) we explored several theme around Load Testing such as DevOps, Shift Right, AI etc. By discussing around their experience, the methods they used, their data analysis and their interpretation, we created a lot of high-value added content that you can use to discover what will be the future of Load Testing. You want to know more about this event ? https://www.neotys.com/performance-advisory-council

IT webinar 2016

PR Cell, IIM Rohtak

Msst 2019 v4

Nisha Talagala

The document discusses challenges for machine learning data storage and management. It notes that machine learning workloads involve large and growing data sizes and types. Proper data governance is also essential for ensuring trustworthy machine learning systems, through mechanisms like data lineage tracking and access control. Emerging areas like edge computing further complicate storage needs. Effective machine learning storage systems will need to address issues of data access speeds, management, reproducibility and governance.

Chatbots: Automated Conversational Model using Machine Learning

AlgoAnalytics Financial Consultancy Pvt. Ltd.

Similar to eDreams: mayor supervisión de la seguridad con Elastic Stack (20)

Tech essentials for Product managers

Building a Data Driven Company

How would AI shape Future Integrations?

Big Data at a Gaming Company: Spil Games

cloud session uklug

[DSC Europe 22] On the Aspects of Artificial Intelligence and Robotic Autonom...

DataStax | Adversarial Modeling: Graph, ML, and Analytics for Identity Fraud ...

Blockchain CIO City 2017 update - Sander van Loosbroek | Cegeka

Top Business Intelligence Trends for 2016 by Panorama Software

CTO Summit 2016: Navigating Build vs. Buy at CleverTap

8 Pitfalls of Next Generation IAM Programs

IT security for all. Bootcamp slides

Top BI trends and predictions for 2017

How an Attacker "Audits" Your Software Systems

The Lost Tales of Platform Design (February 2017)

EVAIN Artificial intelligence and semantic annotation: are you serious about it?

Neotys PAC - Todd De Capua

IT webinar 2016

Msst 2019 v4

Chatbots: Automated Conversational Model using Machine Learning

More from Elasticsearch

An introduction to Elasticsearch's advanced relevance ranking toolbox

Elasticsearch

The hallmark of a great search experience is always delivering the most relevant results, quickly, to every user. The difficulty lies behind the scenes in making that happen elegantly and at a scale. From App Search’s intuitive drag and drop interface to the advanced relevance capabilities built into the core of Elasticsearch — Elastic offers a range of tools for developers to tune relevance ranking and create incredible search experiences. In this session, we’ll explore some of Elasticsearch’s advanced relevance ranking features, such as dense vector fields, BM25F, ranking evaluation, and more. Plus we’ll give you some ideas for how these features are being used by other Elastic users to create world-class, category defining search experiences.

From MSP to MSSP using Elastic

Elasticsearch

Eze Castle Integration is a managed service provider (MSP), cloud service provider (CSP), and internet service provider (ISP) that delivers services to more than 1,000 clients around the world. Different departments within Eze Castle have devised their own log aggregation solutions in order to provide visibility, meet regulatory compliance requirements, conduct cybersecurity investigations, and help engineers with troubleshooting infrastructure issues. In 2019, they partnered with Elastic to consolidate the data generated from different systems into a single pane of glass. And thanks to the ease of deployment on Elastic Cloud, professional consultation services from Elastic engineers, and on-demand training courses available on Elastic Learning, Eze Castle was able to go from proof-of-concept to a fully functioning ""Eze Managed SIEM"" product within a month! Learn about Eze Castle's journey with Elastic and how they grew Eze Managed SIEM from zero to 100 customers In less than 14 months.

Cómo crear excelentes experiencias de búsqueda en sitios web

Elasticsearch

Descubre lo fácil que es crear búsquedas relevantes y enriquecidas en sitios web de cara al público para impulsar las conversiones, incrementar el consumo de contenido y ayudar a los visitantes a encontrar lo que necesitan. Realiza un recorrido por las herramientas de Elastic a las que puedes sacar partido para transformar con facilidad tu sitio web, lo que incluye nuestro nuevo y potente rastreador web.

Tirez pleinement parti d'Elastic grâce à Elastic Cloud

Elasticsearch

Découvrez pourquoi Elastic Cloud est la solution idéale pour exploiter toutes les offres d'Elastic. Bénéficiez d'une flexibilité d'achat et de déploiement au sein de Google Cloud, de Microsoft Azure, d'Amazon Web Services ou des trois à la fois. Apprenez quels avantages vous apporte une offre de service géré et déterminez la solution qui vous permet de la gérer par vous-même grâce à des outils intégrés d'automatisation et d'orchestration. Et ce n'est pas tout ! Familiarisez-vous avec les fonctionnalités qui peuvent vous aider à scaler vos opérations au fur et à mesure de l'évolution de votre déploiement, à stocker vos données d'une manière rentable et à optimiser vos recherches. Ainsi, vous n'aurez plus à abandonner de données et obtiendrez les informations exploitables dont vous avez besoin pour assurer le fonctionnement de votre entreprise.

Comment transformer vos données en informations exploitables

Elasticsearch

Plongez au cœur de la recherche dans tous ses états.

Elasticsearch

À l'instar de la plupart des entreprises modernes, vos équipes utilisent probablement plus de 10 applications hébergées dans le cloud chaque jour, mais passent aussi bien trop de temps à chercher les informations dont elles ont besoin dans ces outils. Grâce aux fonctionnalités prêtes à l'emploi d'Elastic Workplace Search, découvrez combien il est facile de mettre le contenu pertinent à portée de la main de vos équipes grâce à une recherche unifiée sur l'ensemble des applications qu'elles utilisent pour faire leur travail.

Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]

Elasticsearch

An introduction to Elasticsearch's advanced relevance ranking toolbox

Elasticsearch

Welcome to a new state of find

Elasticsearch

Like most modern organizations, your teams are likely using upwards of 10 cloud-based applications on a daily basis, but spending far too many hours a day searching for the information they need across all of them. With the out-of-the-box capabilities of Elastic Workplace Search, see how easy it is to put relevant content right at your teams’ fingertips with unified search across all the apps they rely on to get work done.

Building great website search experiences

Elasticsearch

Keynote: Harnessing the power of Elasticsearch for simplified search

Elasticsearch

Cómo transformar los datos en análisis con los que tomar decisiones

Elasticsearch

Explore relève les défis Big Data avec Elastic Cloud

Elasticsearch

Spécialisée dans le développement et la gestion de solutions de veille documentaire et commerciale, Explore offre à ses clients une lecture précise et organisée de l’actualités des marchés et projets sur leurs territoires d'intervention. Afin de rendre leur offre plus agile et performante, Explore a choisi l’offre Elastic Cloud hébergée sur Microsoft Azure. Découvrez comment les équipes de production et de développement sont désormais en mesure de mieux exploiter les données pour les clients d’Explore et gagnent du temps sur la gestion de leur infrastructure.

Comment transformer vos données en informations exploitables

Elasticsearch

Transforming data into actionable insights

Elasticsearch

Opening Keynote: Why Elastic?

Elasticsearch

"Elastic enables the world’s leading organization to exceed their business objectives and power their mission-critical systems by eliminating data silos, connecting the dots, and transforming data of all types into actionable insights. Come learn how the power of search can help you quickly surface relevant insights at scale. Whether you are an executive looking to reduce operational costs, a department head striving to do more with fewer tools, or engineer monitoring and protecting your IT environment, this session is for you. "

Empowering agencies using Elastic as a Service inside Government

Elasticsearch

It has now been four years since the beta release of Elastic Cloud Enterprise which kicked off a wave of the Elastic public sector community running Elastic as a service within Government rather than utilizing purely hosted solutions. Fast forward to 2021 and we have multiple options for multiple mission needs. Learn top tips from Elastic architects and their experience enabling their teams with the automation and provisioning of Elastic tech to change the game in how government delivers solutions.

The opportunities and challenges of data for public good

Elasticsearch

The document discusses data for public good and the opportunities and challenges involved. It notes that data infrastructure is needed to deliver public good through data. There are almost endless opportunities to use data for public services, policy, and citizen benefits. However, challenges include legacy systems, data silos, unclear governance, and risk aversion. As a case study, it outlines how the UK Census 2021 addressed index faced challenges but showed progress on using data better, with lessons for continued public sector transformation.

Enterprise search and unstructured data with CGI and Elastic

Elasticsearch

What's new at Elastic: Update on major initiatives and releases

Elasticsearch

More from Elasticsearch (20)

An introduction to Elasticsearch's advanced relevance ranking toolbox

From MSP to MSSP using Elastic

Cómo crear excelentes experiencias de búsqueda en sitios web

Tirez pleinement parti d'Elastic grâce à Elastic Cloud

Comment transformer vos données en informations exploitables

Plongez au cœur de la recherche dans tous ses états.

Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]

An introduction to Elasticsearch's advanced relevance ranking toolbox

Welcome to a new state of find

Building great website search experiences

Keynote: Harnessing the power of Elasticsearch for simplified search

Cómo transformar los datos en análisis con los que tomar decisiones

Explore relève les défis Big Data avec Elastic Cloud

Comment transformer vos données en informations exploitables

Transforming data into actionable insights

Opening Keynote: Why Elastic?

Empowering agencies using Elastic as a Service inside Government

The opportunities and challenges of data for public good

Enterprise search and unstructured data with CGI and Elastic

What's new at Elastic: Update on major initiatives and releases

Recently uploaded

Monitoring and Managing Anomaly Detection on OpenShift.pdf

Tosin Akinosho

Monitoring and Managing Anomaly Detection on OpenShift Overview Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices. Key Topics Covered 1. Introduction to Anomaly Detection - Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems. 2. Understanding Edge (IoT) - Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source. 3. What is ArgoCD? - Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices. 4. Deployment Using ArgoCD for Edge Devices - Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD. 5. Introduction to Apache Kafka and S3 - Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions. 6. Viewing Kafka Messages in the Data Lake - Learn how to view and analyze Kafka messages stored in a data lake for better insights. 7. What is Prometheus? - Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices. 8. Monitoring Application Metrics with Prometheus - Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system. 9. What is Camel K? - Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes. 10. Configuring Camel K Integrations for Data Pipelines - Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow. 11. What is a Jupyter Notebook? - Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text. 12. Jupyter Notebooks with Code Examples - Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.

Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...

saastr

Programming Foundation Models with DSPy - Meetup Slides

Zilliz

Ocean lotus Threat actors project by John Sitima 2024 (1).pptx

SitimaJohn

Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.

Skybuffer SAM4U tool for SAP license adoption

Tatiana Kojar

Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool. SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.

System Design Case Study: Building a Scalable E-Commerce Platform - Hiike

Hiike

Presentation of the OECD Artificial Intelligence Review of Germany

innovationoecd

Serial Arm Control in Real Time Presentation

tolgahangng

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Malak Abu Hammad

Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers: * What is Vector Search? * Importance and benefits of vector search * Practical use cases across various industries * Step-by-step implementation guide * Live demos with code snippets * Enhancing LLM capabilities with vector search * Best practices and optimization strategies Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications. #MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology

Introduction of Cybersecurity with OSS at Code Europe 2024

Hiroshi SHIBATA

I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems. The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS. Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application. I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.

Columbus Data & Analytics Wednesdays - June 2024

Jason Packer

Recommendation System using RAG Architecture

fredae14

Operating System Used by Users in day-to-day life.pptx

Pravash Chandra Das

Dive into the realm of operating systems (OS) with Pravash Chandra Das, a seasoned Digital Forensic Analyst, as your guide. 🚀 This comprehensive presentation illuminates the core concepts, types, and evolution of OS, essential for understanding modern computing landscapes. Beginning with the foundational definition, Das clarifies the pivotal role of OS as system software orchestrating hardware resources, software applications, and user interactions. Through succinct descriptions, he delineates the diverse types of OS, from single-user, single-task environments like early MS-DOS iterations, to multi-user, multi-tasking systems exemplified by modern Linux distributions. Crucial components like the kernel and shell are dissected, highlighting their indispensable functions in resource management and user interface interaction. Das elucidates how the kernel acts as the central nervous system, orchestrating process scheduling, memory allocation, and device management. Meanwhile, the shell serves as the gateway for user commands, bridging the gap between human input and machine execution. 💻 The narrative then shifts to a captivating exploration of prominent desktop OSs, Windows, macOS, and Linux. Windows, with its globally ubiquitous presence and user-friendly interface, emerges as a cornerstone in personal computing history. macOS, lauded for its sleek design and seamless integration with Apple's ecosystem, stands as a beacon of stability and creativity. Linux, an open-source marvel, offers unparalleled flexibility and security, revolutionizing the computing landscape. 🖥️ Moving to the realm of mobile devices, Das unravels the dominance of Android and iOS. Android's open-source ethos fosters a vibrant ecosystem of customization and innovation, while iOS boasts a seamless user experience and robust security infrastructure. Meanwhile, discontinued platforms like Symbian and Palm OS evoke nostalgia for their pioneering roles in the smartphone revolution. The journey concludes with a reflection on the ever-evolving landscape of OS, underscored by the emergence of real-time operating systems (RTOS) and the persistent quest for innovation and efficiency. As technology continues to shape our world, understanding the foundations and evolution of operating systems remains paramount. Join Pravash Chandra Das on this illuminating journey through the heart of computing. 🌟

leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...

alexjohnson7307

Fueling AI with Great Data with Airbyte Webinar

Zilliz

Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...

saastr

Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on integration of Salesforce with Bonterra Impact Management. Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

5th LF Energy Power Grid Model Meet-up Slides

DanBrown980551

5th Power Grid Model Meet-up It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology. Power Grid Model The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services. Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability. Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization. What to expect For the upcoming meetup we are organizing, we have an exciting lineup of activities planned: -Insightful presentations covering two practical applications of the Power Grid Model. -An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024. -An interactive brainstorming session to discuss and propose new feature requests. -An opportunity to connect with fellow Power Grid Model enthusiasts and users.

Your One-Stop Shop for Python Success: Top 10 US Python Development Providers

akankshawande

TrustArc Webinar - 2024 Global Privacy Survey

TrustArc

How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024? In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores. See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe. This webinar will review: - The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey - The top challenges for privacy leaders, practitioners, and organizations in 2024 - Key themes to consider in developing and maintaining your privacy program

Recently uploaded (20)

Monitoring and Managing Anomaly Detection on OpenShift.pdf

Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...

Programming Foundation Models with DSPy - Meetup Slides

Ocean lotus Threat actors project by John Sitima 2024 (1).pptx

Skybuffer SAM4U tool for SAP license adoption

System Design Case Study: Building a Scalable E-Commerce Platform - Hiike

Presentation of the OECD Artificial Intelligence Review of Germany

Serial Arm Control in Real Time Presentation

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Introduction of Cybersecurity with OSS at Code Europe 2024

Columbus Data & Analytics Wednesdays - June 2024

Recommendation System using RAG Architecture

Operating System Used by Users in day-to-day life.pptx

leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...

Fueling AI with Great Data with Airbyte Webinar

Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...

Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...

5th LF Energy Power Grid Model Meet-up Slides

Your One-Stop Shop for Python Success: Top 10 US Python Development Providers

TrustArc Webinar - 2024 Global Privacy Survey

eDreams: mayor supervisión de la seguridad con Elastic Stack

1. 1 Josep Mangas Head of IT & Security, eDreams Feb 18, 2020 eDreams - Powering Security Monitoring with the Elastic Stack

2. If you know the enemy and know yourself you need not fear the results of a hundred battles Sun Tzu - The Art of War

3. 3 Knowing eDreams ODIGEO

4. 4 Early lessons learned • Security trends to focus on knowing the “enemy”, but you need to know yourself first. • In an e-commerce, the most important thing is trust and ease of use while buying. • The biggest threat is that something could affect the customer experience and he/she doesn’t buy

5. 5 Have we done our homework? • In the case of eDreams: • How are customers interacting with our e-commerce platform? • How do they buy? • What is a “normal” customer behaviour? • Which are the main endpoints? • Where are the critical APIs? • How are the different flows? • In order to protect our site, we need to know what to protect. • And it is not about TECHNOLOGY! It is about covering the BASICS!

6. 6 Looking for the right tripmate • What tool do we use that help us to “discover” our site and could be flexible enough for short-term needs and long-term needs? • Elastic was already used by the DevOps team, so it was an easy choice • Open and flexible • Unify logging environments • Rapid deployment and ROI • Can add value in other fields (compliance, fraud) • Widespread knowledge • Interesting roadmap • Fits into the Agile mindset

7. 7 Elastic as a solution that fits well, • Log integration in three different environments. • E-commerce Site on Prem • E-commerce Site cloud base (GCP) • Corporate IT (the usual suspects) • Log identification (user behaviour, payment flow, ids, vpn, saml, SaaS, AD …) • Wazuh - Compliance (PCI-DSS) • MISP integration • Dashboards ready to use within minutes • Hep to better know ourselves • Hypothesis checker • Self made index and pre-processing 1st Phase, Gathering

8. 8 • Active monitoring of relevant assets. • TimeLion, Alert, SIEM, Geolocation, ASN • Dashboards everywhere business, technical and non-technical • Support processes with other areas • Discover correlations • Free the information • SIEM… maturing • Alarm • Slack • Testing ML • Integration with rest of the teams • Moving to Cloud • Cross nodes queries • More and more alerts • More and more business cases • Adding new Elastic Stack functionalities Maturing & Improving Visibility Automating & Integrating Centralizing and new functionalities Elastic as a solution that fits well,

9. 9 Some Figures • 3 Clusters (15 nodes) • 2 x 6 nodes ( 3 Master + Data , 3 Data) • 3 nodes ( 3 Master + Data) • ~250 GB x day and 25 M Documents • V 7.4. And Wazuh 3.10 • ~ 60 Dashboards • 3 ML jobs • Cross-Clusters Query • Integration with MISP and GeoIP Looking forward … to a unique bigger cluster (GCP)

10. 10 Automation, the next frontier • Identify business case / need • Do we have the source? • How is it shown at Elastic level? • What are the normal / abnormal thresholds? • Set up Alert, Integrate with Slack, Define Playbook, Escalate to team owner

11. 11 Machine Learning, discovering the unknown • Identify business case / need • When need to find the hidden (WIP) • Again, you know yourself and your customers. • You expecting things go one known way. • ML can help you to detect things that divert from the Happy Path.

12. 12 Late Lessons Learnt • Identify business case / need • Use ECS from the beginning. • Minimize pre-parsing • Invest in others people’s time. • It will speed up your deployment • Have in mind what you’re looking for • That helps to identify relevant sources of information. • Check Hypothesis. • Share the insights you create • The info can be helpful for other teams. • Test new capabilities of the Elastic stack. • And challenge the old ones.

13. Q&A, by the (fake) futbolin

eDreams: mayor supervisión de la seguridad con Elastic Stack

Recommended

Recommended

More Related Content

What's hot

What's hot (11)

Similar to eDreams: mayor supervisión de la seguridad con Elastic Stack

Similar to eDreams: mayor supervisión de la seguridad con Elastic Stack (20)

More from Elasticsearch

More from Elasticsearch (20)

Recently uploaded

Recently uploaded (20)

eDreams: mayor supervisión de la seguridad con Elastic Stack